The handling of the target attribute used alloca to allocate a copy of unverified user input, which could exhaust the stack if the input is too long. This patch converts it to auto_vecs instead.
I wondered about converting it to use std::string, which we already use elsewhere, but that would be more invasive and controversial. I'll push tomorrow evening UK time if there are no comments in the meantime. Richard gcc/ * config/aarch64/aarch64.cc (aarch64_process_one_target_attr) (aarch64_process_target_attr): Avoid alloca.
---
 gcc/config/aarch64/aarch64.cc | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
index 7f0cc47d0f0..0d41a193ec1 100644
--- a/gcc/config/aarch64/aarch64.cc
+++ b/gcc/config/aarch64/aarch64.cc
@@ -19405,8 +19405,10 @@ aarch64_process_one_target_attr (char *arg_str)
 return false;
 }

- char *str_to_check = (char *) alloca (len + 1);
- strcpy (str_to_check, arg_str);
+ auto_vec<char, 32> buffer;
+ buffer.safe_grow (len + 1);
+ char *str_to_check = buffer.address ();
+ memcpy (str_to_check, arg_str, len + 1);

 /* We have something like __attribute__ ((target ("+fp+nosimd"))).
 It is easier to detect and handle it explicitly here rather than going
@@ -19569,8 +19571,10 @@ aarch64_process_target_attr (tree args)
 }

 size_t len = strlen (TREE_STRING_POINTER (args));
- char *str_to_check = (char *) alloca (len + 1);
- strcpy (str_to_check, TREE_STRING_POINTER (args));
+ auto_vec<char, 32> buffer;
+ buffer.safe_grow (len + 1);
+ char *str_to_check = buffer.address ();
+ memcpy (str_to_check, TREE_STRING_POINTER (args), len + 1);

 if (len == 0)
 {
-- 2.25.1
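Review bot: `buffer.safe_grow (len + 1)` in aarch64_process_one_target_attr narrows a strlen-derived length to the `unsigned` length that vec.h uses, while the following `memcpy (str_to_check, arg_str, len + 1)` still copies the full size. On an LP64 host a string of 4 GiB or more would therefore get a buffer shorter than the copy. The same pair of lines appears in the aarch64_process_target_attr hunk, where `size_t len` is visible; the declaration of `len` in this hunk lies outside the visible lines, so its type is assumed to match. Since the patch exists to contain over-long attribute strings, I would reject oversize input before growing, for example with a guard `if (len >= UINT_MAX)` that takes the function's existing failure path, or at minimum `gcc_assert (len < UINT_MAX);`.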
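Review bot: Nothing at the new `auto_vec<char, 32> buffer;` lines in aarch64_process_target_attr records why the copy must not live on the stack, so a later cleanup could reintroduce alloca. I would add a short comment above the declaration, e.g. `/* The attribute string is user-controlled and unbounded, so copy it into an auto_vec rather than using alloca.  */`. The inline capacity of 32 is also unexplained; presumably it keeps typical attribute strings out of the heap, which is worth stating if so. The same comment fits the aarch64_process_one_target_attr hunk, and both function bodies continue outside the visible hunks.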